Vulnerabilities > TUG > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-20 CVE-2023-32700 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source.
local
low complexity
luatex-project miktex tug
7.8
2011-01-07 CVE-2010-2642 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
network
high complexity
redhat t1lib tug CWE-119
7.6